How to manage the transition successfully .... MANAGING TRANSITION 90 08 15 Quality Mantra November 2015 A Newsletter of International Certification Services ISO ON THE MOVE & CREATING WAVES : Dr. Sundar Kataria Chairman & Managing Director International Certification Services Pvt. Ltd. ISO 9001 WORLDS MOST POPULAR AND ADOPTED MODERN MANAGEMENT SYSTEM You all our partners from he industry, government and public sector industry may be aware that ISO has been revising their international management systems as part of evaluation of the Management system and Quality. ISO has successfully revised and launched few management system mid Sept. 2015 under ISO schedule review to make the standard user friendly, generic and focusing business risk and opportunities. The new management system recently launched are : Ø ISO 9001 : 2015 Ø ISO 14001 : 2015 ISO adopted annexes SL, High Level structure with identical core text and common terms and definition two years back. All present future management system are being aligned with the requirements of the annexure SL. Both the above revised management standards have ten clauses instead of old QMS – ISO 9001: 2008 eight clauses. The new management system will be based on seven management system in place of old eight management principles by redefining these management principles.. Salient features of the revised ISO 9001:2015 standards provide freedom to have tailored made, organization management system in context of their organization. Leadership has to play bigger role in effective development, implementation and management of the system. Management shall focus the customer and know their business, risks and opportunities thus replacing and removing preventive action. Requirements of documentation information give independence to define their own documentation and records to control their processes and activities to achieve appropriate quality of the goods and services to meet the customer / consumer needs. Similarly “Continual Improvement” of the old standard replaced with the “improvement” of appropriate to the organization. The exclusion has been removed and organization freedom to focus all the new 10 clauses of the standard and can align with the standard requirements accordingly. The time line to transit old to new standard given as three years starting from the date of launching of the new / revised standard. The old standard ISO 9001: 2008 and ISO 14001:2004 will expire mid 2018. We are bringing this special issue of Quality Mantra to benefit the organization in understanding the requirements of the revised management system. We have also planned number of Awareness, Internal Auditor, Transition and Lead Auditor training and qualification program starting from Nov. 2015. I take the opportunity to thank all our valued customers, business associates and partners and wish you and your family Happy and Prosperous Diwali Festival of Lights and Wisdom A Publication of International Certification Services Page 02 Quality Mantra November 2015 A Newsletter of International Certification Services COMPILED BY: DR. SUNDAR KATARIA AND V. MURALIDHAR ISO FDIS 9001:2015 – EXCLUSIONS PREAMBLE ISO FDIS 9001:2015 has been released on 9th July 2015 and will be open for ballot. As a committed CAB, it is our pleasure to bring out salient points for all to know. In the ISO DIS 9001:2014 “Exclusions” was not used in the standard. However, it was mentioned in Annex A (A.5) ISO 9001:2015 FDIS Exclusions to Scope: We have had ISO 9001:2015 FDIS now for a couple of days, and we are busy trying to reconcile the FDIS, Annex SL and also what we would describe as a few myths. The subject of “exclusions” is something, at this present moment in time; we are ready to put on the latter pile. Does ISO 9001: 2015 FDIS Permit Exclusions In The Same Way As ISO 9001: 2008 ? Based on our interpretation, we would say that this is more “yes” than “no”. Initially we were concerned that the rum-ours of “no permissible exclusions” were going to be true – and many people are still maintaining that it is true, but we don’t think it is. In ISO 9001:2008, the statement relating to permissible exclusions is defined with clause 1.2 Application of Scope. It is quite clear. Exclusions are permitted; they are limited to clause 7, must be justified and can only apply where the requirement doesn’t affect the company’s ability to meet its output requirements. Therefore, when we saw the copy of ISO 9001:2015 we went straight to section 1 (Scope) to see if there was an equivalent statement – there wasn’t! Quite the reverse in fact, instead there was the following statement “All the requirements of this international standard are generic and are intended to be applicable to any organization, regardless of its type or size, products or services” Nothing about exclusions! So what about FDIS clause 8.3 Design and Development? This clause is pretty similar to clause 7.3 of ISO 9001:2008 – no major changes – what about a company that has no design function? A warehouse for example? Surely a company that has no design function wouldn’t be forced to develop contrived “design” procedures for the purpose of ticking a box? It was our understanding that ISO 9001:2015 was looking to move further away from that approach? After a while our concerns were alleviated; however, whilst the clarification regarding applicability (or exclusions) is not defined in Section 1 (Scope), it is defined somewhere else, and when you read it carefully it leaves us not too far away from where ISO 9001:2008 is on the matter. Our assumption is that those people who maintain the position of “no exclusions in ISO 9001:2015 FDIS” have possibly simply checked Section 1 (Scope) and nowhere else. Context of the Organizations: The guidance relating to applicability of requirements (and non-applicability, exclusions in other words) has moved. It is no longer mentioned in the Scope. It is outlined in Section 4.3 Determining the Scope of the Quality Management System. In that section we receive the following advice; “The organizations shall apply all the requirements of this international standardif they are applicablewithin the determined scope of the quality management system ….and provide justification for any requirement of this international standard that the organisation determines is not applicable to the scope of its quality management system” Now that, we would argue, is pretty close to where we were on the topic of exclusions in ISO 9001:2008. The matter of applicability is addressed (i.e. not all requirements will be applicable to every organisation) and where a requirement is not applicable, it has to be consistent with the defined scope and justified by the organisation. The only material differences, so far as we can tell, is that the requirement has moved and the actual word “exclusions” is no longer used. So, to summaries, in our opinion, we are pretty much where we were. So panic over. Alas!!! A Publication of International Certification Services Page 03 Quality Mantra November 2015 A Newsletter of International Certification Services COMPILED BY: DR. SUNDAR KATARIA & V. MURALIDHAR ISO FDIS 9001: 2015 Quick Summary of changes on FDIS ISO 9001:2015 The idea is to understand the intent, and added requirements in FDIS. This is just an overview of each clause. Ø Clause 4.1: Structured way to introduce company , and basis for audit Ø Clause 4.2: Interested parties identified, and needs recorded. For sustained success it is important to move towards these compliances Ø Clause 4.3: Clarity in scope, applicability ( exclusions) and boundaries of QMS Ø Clause 4.4: Approach to completeness of documentation, as well consideration to risk. Ø Clause 5.1: Integrating QMS and business . Focus on strategic direction, risk assessment Ø Clause 5.2: Specific focus on customer satisfaction , regulatory compliances Ø Clause 5.3: Tasks defined , segregation possible & removal of dependency on single person Ø Clause 6.1: Preparing for uncertainties and review with respective strategic direction Ø Clause 6.2: Detailed methodology for objective tracking as process Ø Clause 6.3: Assessing the impact before introducing changes in structured manner Ø Clause 7.1.1- 7.1.5: Clarity on work env. Safety Related requirements & fitness for purpose for as more practical way. Ø Clause 7.1.6: Operations related knowledge to be compiled as given in notes. Ø Clause 7.2: No change. Ø Clause 7.3: Awareness to nonconformities related to work, product added besides awareness to his own work. Ø Clause 7.4: Clarity on communication, Internal/ external communication are specified. Ø Clause 7.5: Compiled requirements related to documents, record control. Ø Clause 8.1: Overall planning – From customer req. understanding - production, QA, till functional conformity Ø Clause 8.2: No specific change, Understand customer, review before quote and acceptance stage, appropriate communication, and contingency planning Ø Clause 8.3: Control over design stages to ensure failures & risks are taken care during design Ø Clause 8.4: Service provides, supplier is selected, monitored for performance Ø Clause 8.5: Production/ service provision is as defined , and requirements monitored , move to avoid human error added Ø Post delivery activities refer to intended life, Ø Preservation addresses care to be taken during manufacturing and delivery , now adds contamination control too Ø Property of customer, and supplier/ service provider is also considered as part of requirement. Ø Clause 8.6: No specific change, conventional inspection process for product release Ø Clause 8.7: Addresses nonconforming products as defined by organization . The impact, disposal action are further clarified. A Publication of International Certification Services Page 04 Quality Mantra November 2015 A Newsletter of International Certification Services Ø Clause 9.1: Overall performance monitoring includes- customer perception & data analysis. Risk and opportunities added. Ø Clause 9.2: structured way to internally assess processes is internal audit , no major change. Ø Clause 9.3: Management review is to conform the processes performance, and objectives are being met . Consideration to risk, issues shall bring in quality & business focus together. Ø Clause 10.1 :, why & what Types of improvements are clarified . Ø Clause10.2: Deviations to be analyzed in systematic manner and avoid re ocurrance. Now includes preventive measures too, ref to consequences evident. Ø Clause 10.3: Improvements to be obtained from reviews, performance results.Clause 10.1 :, why & what Types of improvements are clarified . Ø Clause10.2: Deviations to be analyzed in systematic manner and avoid re ocurrance. Now includes preventive measures too, ref to consequences evident. Ø Clause 10.3: Improvements to be obtained from reviews, performance results. A Publication of International Certification Services Page 05 Quality Mantra November 2015 A Newsletter of International Certification Services TRANSITION REQUIREMENTS OF NEW STANDARDS ISO 9001 - QMS AND ISO 14001 - EMS Mr. Sudhir Vagal G. M. Certification. International Certification Services Pvt. Ltd. As many of you would be aware, the new Standards of ISO 9001:2015 for QMS and ISO 14001:2015 for EMS have now been published. For all clients the transition period to implement the new requirements is 3 years from the date of publication of new Standard(s) i.e. 15th September 2015. After these 3 years i.e. 14th September 2018 all Certificates issued for ISO 9001:2008 version and ISO 14001: 2004 version, shall be deemed as expired. Hence all certified companies shall need to upgrade their systems as per the new 2015 versions of both QMS and EMS. The revised standards are indeed nice and challenging for all organizations. However you will have to work for developing certain skills, ensuring more involvement of top management, risk based assessment and the most important is setting the context of organisation. In these Standards the Context is "KING" and shall be the back bone for the assessment of any organization. We at International Certification Services, are very keen that our valued clients properly understand the new requirements, so that they can smoothly transform to new system at an early date. In view of this, we have planned the following. During next three months i.e. October / November / December 2015 we shall be upgrading all our Auditors for the new version. From 1st January 2016 ICS will start auditing considering the requirements of new Standards. If non-conformities are observed, ICS will raise two categories of NCs - one against old version and the other against new 2015 version. It will be optional for our certified clients to close or not-to-close the NCs against 2015 version. We opine that this would greatly help our prestigious clients to clearly understand what changes they need to introduce in actual working so as to fulfil the requirements of 2015 version. Upto 30th September 2017 these NCs against 2015 version shall be optional to close for continuation of certification After this date all NCs against 2015 version shall be mandatory for closure. For the financial benefit of our clients, ICS will try its best to complete during Surveillance / Re certification Audits the transition of existing certificate to new version. This would save our clients the charges of additional visits by ICS auditors to verify if the transition requirements are satisfactorily implemented for revising your Certificate as per the new Standard. However if any certified client fails to take advantage of the verification during Surveillance / Re certification Audit, then it may call for additional visit for transition. In other words, ICS will be trying to get the clients transited to 2015 versions in Surveillance / Re certification audit itself. Our group Company M/s ICS Technologies will be conducting open forum training program for Transition in both QMS and EMS Standards, at confessionals rates for our existing clients. Exact dates of these program will be communicated shortly, so that you can depute your personnel for the same to improve their understanding about the new requirements. A small presentation is also attached herewith indicating key changes in these Standards. Please feel free to revert if you need any clarifications / additional information on the subject. We shall deeply appreciate your pro-active interest and will be delighted to assist and guide our clientele. A Publication of International Certification Services Page 06 ISO 9001:2015 "HOW TO MANAGE THE TRANSITION SUCCESSFULLY ...". CLARIFICATION OF NEW STRUCTURE, TERMINOLOGY AND CONCEPTS ANNEX A OF STANDARD A.1 STRUCTURE AND TERMINOLOGY The standard is based on Annex SL of the ISO Directives, a high-level structure (HLS) which standardizes sub- clause titles, core text, common terms and core definitions to enhance compatibility and alignment with other ISO management system standards. The clause structure (i.e. clause sequence) and some of the terminology of this edition of this International Standard, in comparison with the previous edition (ISO 9001:2008), have been changed to improve alignment with other management systems standards. There is no requirement in this International Standard for its structure and terminology to be applied to the documented information of an organization’s quality management system. The structure of clauses is intended to provide a coherent presentation of requirements, rather than a model for documenting an organization’s policies, objectives and processes. The structure and content of documented information related to a quality management system can often be more relevant to its users if it relates to both the processes operated by the organization and information maintained for other purposes. There is no requirement for the terms used by an organization to be replaced by the terms used in this International Standard to specify quality management system requirements. Organizations can choose to use terms which suit their operations (e.g. using “records”, “documentation” or “protocols” rather than “documented information”; or “supplier”, “partner” or “vendor” rather than “external provider”). Table A.1 shows the major differences in terminology between this edition of this International Standard and the previous edition. Table A.1 — Major Differences In Terminology Between ISO 9001:2008 and ISO 9001:2015 ISO 9001:2008 ISO 9001:2015 PRODUCTS Products and Services Not Used EXCLUSIONS (See Clause A.5 for clarification of applicability) Not Used MANAGEMENT REPRESENTATIVE (Similar responsibilities and authorities are assigned but no requirement for a single management representative) DOCUMENTATION, QUALITY MANUAL, Documented Information DOCUMENTED PROCEDURES, RECORDS WORK ENVIRONMENT Environment for the Operation of Processes MONITORING AND MEASURING Monitoring and Measuring Resources EQUIPMENT PURCHASED PRODUCT Externally Provided Products and Services SUPPLIER External Provider A Publication of International Certification Services Page 07 A.2 PRODUCTS AND SERVICES : ISO 9001:2008 used the term “product” to include all output categories. This edition of this International Standard uses “products and services”. “Products and services” include all output categories (hardware, services, software and processed materials). The specific inclusion of “services” is intended to highlight the differences between products and services in the application of some requirements. The characteristic of services is that at least part of the output is realized at the interface with the customer. This means, for example, that conformity to requirements cannot necessarily be confirmed before service delivery. In most cases, products and services are used together. Most outputs that organizations provide to customers, or are supplied to them by external providers, include both products and services. For example, a tangible or intangible product can have some associated service or a service can have some associated tangible or intangible product. A.3 UNDERSTANDING THE NEEDS AND EXPECTATIONS OF INTERESTED PARTIES Sub-clause 4.2 specifies requirements for the organization to determine the interested parties that are relevant to the quality management system and the requirements of those interested parties. However, 4.2 does not imply extension of quality management system requirements beyond the scope of this International Standard. As stated in the scope, this International Standard is applicable where an organization needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction. There is no requirement in this International Standard for the organization to consider interested parties where it has decided that those parties are not relevant to its quality management system. It is for the organization to decide if a particular requirement of a relevant interested party is relevant to its quality management system. A.4 RISK-BASED THINKING The concept of risk-based thinking has been implicit in previous editions of this International Standard, e.g. through requirements for planning, review and improvement. This International Standard specifies requirements for the organization to understand its context (see 4.1) and determine risks as a basis for planning (see 6.1). This represents the application of risk-based thinking to planning and implementing quality management system processes (see 4.4) and will assist in determining the extent of documented information. One of the key purposes of a quality management system is to act as a preventive tool. Consequently, this International Standard does not have a separate clause or sub-clause on preventive action. The concept of preventive action is expressed through the use of risk-based thinking in formulating quality management system requirements. A Publication of International Certification Services Page 08 The risk-based thinking applied in this International Standard has enabled some reduction in prescriptive requirements and their replacement by performance-based requirements. There is greater flexibility than in ISO 9001:2008 in the requirements for processes, documented information and organizational responsibilities. Although 6.1 specifies that the organization shall plan actions to address risks, there is no requirement for formal methods for risk management or a documented risk management process. Organizations can decide whether or not to develop a more extensive risk management methodology than is required by this International Standard, e.g. through the application of other guidance or standards. Not all the processes of a quality management system represent the same level of risk in terms of the organization’s ability to meet its objectives, and the effects of uncertainty are not the same for all organizations. Under the requirements of 6.1, the organization is responsible for its application of risk based thinking and the actions it takes to address risk, including whether or not to retain documented information as evidence of its determination of risks. A.5 APPLICABILITY This International Standard does not refer to “exclusions” in relation to the applicability of its requirements to the organization’s quality management system. However, an organization can review the applicability of requirements due to the size or complexity of the organization, the management model it adopts, the range of the organization’s activities and the nature of the risks and opportunities it encounters. The requirements for applicability are addressed in 4.3, which defines conditions under which an organization can decide that a requirement cannot be applied to any of the processes within the scope of its quality management system. The organization can only decide that a requirement is not applicable if its decision will not result in failure to achieve conformity of products and services. A.6 DOCUMENTED INFORMATION As part of the alignment with other management system standards, a common clause on “documented information” has been adopted without significant change or addition (see 7.5). Where appropriate, text elsewhere in this International Standard has been aligned with its requirements. Consequently, “documented information” is used for all document requirements. Where ISO 9001:2008 used specific terminology such as “document” or “documented procedures”, “quality manual” or “quality plan”, this edition of this International Standard defines requirements to “maintain documented information”. Where ISO 9001:2008 used the term “records” to denote documents needed to provide evidence of conformity with requirements, this is now expressed as a requirement to “retain documented information”. The organization is responsible for determining what documented information needs to be retained, the period of time for which it is to be retained and the media to be used for its retention. A requirement to “maintain” documented information does not exclude the possibility that the organization might also need to “retain” that same documented information for a particular purpose, e.g. to retain previous versions of it. Where this International Standard refers to “information” rather than “documented information” (e.g. in 4.1: “The organization shall monitor and review the information about these external and internal issues”), there is no requirement that this information is to be documented. In such situations, the organization can decide whether or not it is necessary or appropriate to maintain documented information. A Publication of International Certification Services Page 09 A.7 ORGANIZATIONAL KNOWLEDGE In 7.1.6, this International Standard addresses the need to determine and manage the knowledge maintained by the organization, to ensure the operation of its processes and that it can achieve conformity of products and services. Requirements regarding organizational knowledge were introduced for the purpose of: A) safeguarding the organization from loss of knowledge, e.g. Ø Through Staff Turnover; Ø Failure To Capture And Share Information; B) encouraging the organization to acquire knowledge, e.g. Ø Learning From Experience; Ø Monitoring; Ø Bench Marking. A.8CONTROL OF EXTERNALLY PROVIDED PROCESSES, PRODUCTS AND SERVICES All forms of externally provided processes, products and services are addressed in 8.4, e.g. whether through: A) Purchasing From A Supplier. B) An Arrangement With An Associate Company. C)Outsourcing Processes To An External Provider. Outsourcing always has the essential characteristic of a service, since it will have at least one activity necessarily performed at the interface between the provider and the organization. The controls required for external provision can vary widely depending on the nature of the processes, products and services. The organization can apply risk-based thinking to determine the type and extent of controls appropriate to particular external providers and externally provided processes, products and services A Publication of International Certification Services Page 10